DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families

Ilay Cordonsky; Ishai Rosenberg; Guillaume Sicard; Eli Omid David

doi:10.1109/IJCNN.2018.8489667

DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families

Ilay Cordonsky, Ishai Rosenberg, Guillaume Sicard, Eli Omid David

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

18 Scopus citations

Abstract

In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware files and are invariant to small modifications that do not change the malware functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape.

Original language	English
Title of host publication	2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers
ISBN (Electronic)	9781509060146
DOIs	https://doi.org/10.1109/IJCNN.2018.8489667
State	Published - 10 Oct 2018
Externally published	Yes
Event	2018 International Joint Conference on Neural Networks, IJCNN 2018 - Rio de Janeiro, Brazil Duration: 8 Jul 2018 → 13 Jul 2018

Publication series

Name	Proceedings of the International Joint Conference on Neural Networks
Volume	2018-July

Conference

Conference	2018 International Joint Conference on Neural Networks, IJCNN 2018
Country/Territory	Brazil
City	Rio de Janeiro
Period	8/07/18 → 13/07/18

ASJC Scopus subject areas

Software
Artificial Intelligence

Access to Document

10.1109/IJCNN.2018.8489667

Cite this

Cordonsky, I., Rosenberg, I., Sicard, G., & David, E. O. (2018). DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families. In 2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings Article 8489667 (Proceedings of the International Joint Conference on Neural Networks; Vol. 2018-July). Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/IJCNN.2018.8489667

@inproceedings{27a051581c454f56a586b479205704db,

title = "DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families",

abstract = "In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware files and are invariant to small modifications that do not change the malware functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape.",

author = "Ilay Cordonsky and Ishai Rosenberg and Guillaume Sicard and David, {Eli Omid}",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 2018 International Joint Conference on Neural Networks, IJCNN 2018 ; Conference date: 08-07-2018 Through 13-07-2018",

year = "2018",

month = oct,

day = "10",

doi = "10.1109/IJCNN.2018.8489667",

language = "English",

series = "Proceedings of the International Joint Conference on Neural Networks",

publisher = "Institute of Electrical and Electronics Engineers",

booktitle = "2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings",

address = "United States",

}

Cordonsky, I, Rosenberg, I, Sicard, G & David, EO 2018, DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families. in 2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings., 8489667, Proceedings of the International Joint Conference on Neural Networks, vol. 2018-July, Institute of Electrical and Electronics Engineers, 2018 International Joint Conference on Neural Networks, IJCNN 2018, Rio de Janeiro, Brazil, 8/07/18. https://doi.org/10.1109/IJCNN.2018.8489667

DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families. / Cordonsky, Ilay; Rosenberg, Ishai; Sicard, Guillaume et al.
2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings. Institute of Electrical and Electronics Engineers, 2018. 8489667 (Proceedings of the International Joint Conference on Neural Networks; Vol. 2018-July).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DeepOrigin

T2 - 2018 International Joint Conference on Neural Networks, IJCNN 2018

AU - Cordonsky, Ilay

AU - Rosenberg, Ishai

AU - Sicard, Guillaume

AU - David, Eli Omid

PY - 2018/10/10

Y1 - 2018/10/10

N2 - In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware files and are invariant to small modifications that do not change the malware functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape.

AB - In this paper, we present a novel method of differentiating known from previously unseen malware families. We utilize transfer learning by learning compact file representations that are used for a new classification task between previously seen malware families and novel ones. The learned file representations are composed of static and dynamic features of malware files and are invariant to small modifications that do not change the malware functionality. Using an extensive dataset that consists of thousands of variants of malicious files, we were able to achieve 97.7% accuracy when classifying between seen and unseen malware families. Our method provides an important focalizing tool for cybersecurity researchers and greatly improves the overall ability to adapt to the fast-moving pace of the current threat landscape.

UR - http://www.scopus.com/inward/record.url?scp=85056551663&partnerID=8YFLogxK

U2 - 10.1109/IJCNN.2018.8489667

DO - 10.1109/IJCNN.2018.8489667

M3 - Conference contribution

AN - SCOPUS:85056551663

T3 - Proceedings of the International Joint Conference on Neural Networks

BT - 2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers

Y2 - 8 July 2018 through 13 July 2018

ER -

Cordonsky I, Rosenberg I, Sicard G, David EO. DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families. In 2018 International Joint Conference on Neural Networks, IJCNN 2018 - Proceedings. Institute of Electrical and Electronics Engineers. 2018. 8489667. (Proceedings of the International Joint Conference on Neural Networks). doi: 10.1109/IJCNN.2018.8489667

DeepOrigin: End-To-End Deep Learning for Detection of New Malware Families

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this